<?php
$link = mysql_connect('localhost','cs4350','!@'); 
if (!$link) { 
    die('Could not connect to MySQL: ' . mysql_error()); 
}
else {
    echo 'You are connected to the cs4350 database server!</br>';
}
if (!mysql_select_db( 'todo', $link)) {
    die('Aw snap, no database named todo...');
}
else {
    echo 'You are now using the todo database!</br>';
}

$username = $_POST['username'];
$password = md5($_POST["password"]);

//$sql = 'select * from users';
$Name;	
$picture;

if (!empty($_FILES['attachName']['name'])){
	$Name = $_FILES['attachName']['name'];
	$picture = $_FILES['attachName']['name'];
	$UploadPath = "profile/";
	$UploadPath = $UploadPath . basename($_FILES['attachName']['name']);
	
	echo $UploadPath . '<br/>';
	echo($_FILES['attachName']['tmp_name']) . '<br/>';
	if (!file_exists($UploadPath)){
		if(move_uploaded_file($_FILES['attachName']['tmp_name'], $UploadPath)) {
			echo "The file ".  basename( $_FILES['attachName']['name']). 
			" has been uploaded";
		} else{
			echo "Return Code: " . $_FILES["attachName"]["error"] . "<br />";
		}
	}
	$sql = 'UPDATE users SET users.pic="' . $picture .'" WHERE users.user="' . $username . '"';
	$pic = mysql_query($sql, $link);
	if($pic){
		echo ('boo');
	} else {
		die($sql);
	}
}


$sql = 'UPDATE users SET users.pass="' . $password . '", users.email="' . $_POST['email'] . '", users.fName="' . $_POST['fName'] . '", users.lName="' . $_POST['lName'] . '" WHERE users.user="' . $username . '"';

$updated = mysql_query($sql, $link);

if($updated){
	header('location:profile.php?user='.$username);
} else {
	die($sql);
}





mysql_close($link);

?>